PMKID Attacks: Debunking the 802.11r Myth. NCCGroup.com blog post. Pull quote: “The PMKID-based attack exploits a weakness in the WPA2 authentication process, specifically in the handling of the Robust Security Network (RSN) handshake. During authentication, the Pairwise Master Key (PMK) is used as the foundation for secure communication. Instead of intercepting a complete 4-way handshake, it is possible to retrieve the PMKID directly from the access point by initiating an RSN request. The PMKID is subsequently used in offline brute-force attacks to recover the Pre-Shared Key (PSK) of the network.”
Heels on fire. Hacking smart ski socks. PenTestPartners.com blog post. Pull quote: “We’ll cover this [hardware crypto mining] in detail in a follow up post in the new year, but initial poking at the hardware and mobile app suggests that arbitrary code execution may be possible on the battery pack controllers. There’s a chance we could get the batteries to mine crypto. More on that when we get time.”
Cybersecurity firm's Chrome extension hijacked to steal
users' data. BleepingComputer.com article.
Pull quote: “A clean version of the extension, v24.10.5 was published on
December 26. Apart from upgrading to the latest version, users of the
Cyberhaven Chrome extension are recommended to revoke passwords that aren’t
FIDOv2, rotate all API tokens, and review browser logs to evaluate malicious
activity.” Cybersecurity is hard, even people whose job is cybersecurity do not
get it right all of the time.
Posts
No comments:
Post a Comment